Sr.CyberSecurityAnalyst

## Accountabilities Support the execution and coordination of third-party audits and certifications, including SOC 2, PCI-DSS, ISO 27001, and NIST CSF. Maintain and enhance the organization’s GRC framework by developing, reviewing, and updating security policies, standards, and controls. Manage security questionnaires and customer due diligence requests, ensuring accurate and timely responses. Conduct vendor risk assessments, track third-party compliance, and maintain risk registers and mitigation plans. Perform enterprise-wide risk assessments across systems, processes, and tools, ensuring proper documentation and remediation tracking. Support access governance activities, including periodic access reviews, identity lifecycle management, and least privilege enforcement. Contribute to incident response planning, disaster recovery readiness, and security awareness initiatives. Monitor evolving threats, compliance requirements, and industry best practices to continuously strengthen the security posture. Requirements: 3–5 years of experience in cybersecurity, IT risk, or GRC-focused roles. Strong understanding of compliance frameworks such as SOC 2, ISO 27001, PCI-DSS, and NIST CSF. Hands-on experience supporting audits, certifications, or regulatory assessments. Knowledge of risk management methodologies, control design, and compliance documentation practices. Experience handling security questionnaires and translating technical controls for business stakeholders. Familiarity with identity and access management (IAM) and access governance processes. Strong communication, documentation, and stakeholder coordination skills. Experience with GRC platforms such as Vanta, Drata, or similar tools is a plus. Exposure to SaaS, FinTech, or regulated environments is highly desirable. Certifications such as CISA, ISO 27001 Lead Auditor/Implementer, or PCI ISA are preferred but not mandatory. Benefits: Opportunity to work in a high-impact cybersecurity and compliance function with